04a5bffb60bb11258a583a1010bf21e675be4503c60a23cb3a34a2a643f299e7

Analysis

max time kernel
120s
max time network
127s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
29-06-2024 22:06

Target

04a5bffb60bb11258a583a1010bf21e675be4503c60a23cb3a34a2a643f299e7_NeikiAnalytics.dll
Size

5KB
MD5

1de7b7e2eb3e6602356867854f4a0f30
SHA1

5988c0a1a8cd5cd7171daa8c2b8d7e578c9ac575
SHA256

04a5bffb60bb11258a583a1010bf21e675be4503c60a23cb3a34a2a643f299e7
SHA512

a9e41d327ccfee3a65678256adb9eb1aa162bd68b7fe58c0c92707722a20f9c87960579e8c6d69a363fafdbcbf71b6b92941ef8b53e8353a7c0239f4fd6fa968
SSDEEP

96:nEY2RrF1eqwi4h7k0rGtMzGITkd8nFmr0G:EHRh1epplbrGqJTKEQB

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1688 wrote to memory of 1992	1688	rundll32.exe	28
PID 1688 wrote to memory of 1992	1688	rundll32.exe	28
PID 1688 wrote to memory of 1992	1688	rundll32.exe	28
PID 1688 wrote to memory of 1992	1688	rundll32.exe	28
PID 1688 wrote to memory of 1992	1688	rundll32.exe	28
PID 1688 wrote to memory of 1992	1688	rundll32.exe	28
PID 1688 wrote to memory of 1992	1688	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\04a5bffb60bb11258a583a1010bf21e675be4503c60a23cb3a34a2a643f299e7_NeikiAnalytics.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1688
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\04a5bffb60bb11258a583a1010bf21e675be4503c60a23cb3a34a2a643f299e7_NeikiAnalytics.dll,#1
  2⤵
  PID:1992